How to Evaluate Wiz: Common FAQs

Wiz Experts Team

This FAQ is designed to help teams evaluate whether Wiz is the right cloud security solution for them by answering the most common technical, strategic, and logistical questions.

1. Understanding Wiz: What It Is and What It Offers

1.1 What is Wiz?

Wiz is a Cloud Native Application Protection Platform (CNAPP) that gives organizations full visibility into their cloud environments, so they can build fast and securely, manage risk with context, and detect and respond to threats at scale.

It delivers unified visibility through agentless scanning and brings together key security capabilities — including CSPM, CIEM, DSPM, CWPP, and IaC scanning — into a single platform. Wiz also supports runtime protection with a lightweight sensor for real-time threat detection and container-level visibility.

At its core, Wiz helps teams:

  • Secure cloud development with shift-left scanning in CI/CD pipelines

  • Manage cloud security posture by identifying and prioritizing risks across misconfigurations, vulnerabilities, permissions, data exposure, and more

  • Protect at runtime and respond to threats using context-rich detections mapped to real attack paths via the Wiz Security Graph

Wiz works across all major cloud platforms (AWS, Azure, GCP, OCI, Kubernetes) and streamlines compliance, DevSecOps, and AI/data workload protection.

1.2 What products does Wiz offer?

Wiz offers a unified CNAPP platform with three integrated products (Wiz Code, Wiz Cloud, and Wiz Defend), all built on the Wiz Security Graph with a single scanning and policy engine, available in one console. Together, they help organizations secure everything from code to runtime.

1. Wiz Cloud

Wiz Cloud delivers agentless visibility and risk prioritization across your entire cloud environment — from infrastructure to data — using API-based scanning.

  • Covers IaaS, PaaS, serverless, containers, and data services across AWS, Azure, GCP, OCI, and Kubernetes

  • Identifies and correlates risks across misconfigurations, vulnerabilities, identities, secrets, internet exposure, and sensitive data

  • Maps interconnected risks to real attack paths using the Wiz Security Graph, so teams can focus on what matters most


2. Wiz Code

Wiz Code helps you prevent risks before they ever reach the cloud by securing infrastructure and application code early in the development lifecycle.

  • Scans IaC (Terraform, CloudFormation, Kubernetes), detects secrets, analyzes SBOMs, and identifies malware and sensitive data exposure in code

  • Maps cloud risks back to their source in code through cloud-to-code correlation

  • Empowers developers and security teams to fix issues fast with one-click remediation in IDEs, pull requests, and CI/CD pipelines


3. Wiz Defend

Wiz Defend delivers real-time threat detection and response for cloud workloads, helping security teams reduce response times and contain threats faster.

  • Protects runtime environments including VMs, containers, and serverless containers with a lightweight, eBPF-based sensor that blocks threats in real time

  • Accelerates response for SOC and IR teams with automated forensic collection, one-click containment workflows, and integrations with SIEM and SOAR tools

  • Reduces MTTR by surfacing attack storylines, assessing blast radius, and routing investigation context directly to security and dev teams with AskAI copilot support


2. Platform Fit: Is Wiz Right for You?

2.1 What types of organizations use Wiz?

Wiz is trusted by over 50% of Fortune 100 companies, along with leading global brands across finance, healthcare, retail, media, and government. It’s also widely adopted by tech-native startups and mid-market companies modernizing their cloud environments.

Wiz delivers value at every stage of cloud maturity, from gaining initial visibility into risk to scaling advanced posture, identity, and threat management across large, complex environments.

2.2 Is Wiz the right solution for my team?

Wiz is built for modern cloud security teams that want to move fast, reduce risk, and stay ahead of threats with a unified scanning engine in one console.

It’s the right solution if you’re looking to:

  • Get a single, unified view of risk across code, cloud infrastructure, identities, and runtime activity

  • Prevent security risks from reaching production by surfacing risks early and guiding developers to fix them in their workflow

  • Understand which risks actually matter — and why — through deep context and real attack path analysis

  • Detect and respond to active threats in real time, with automated investigation context and response workflows

  • Eliminate alert fatigue and manual processes by connecting posture management, threat detection, and remediation in one platform

2.3 What results do Wiz customers typically see?

Wiz customers typically see:

  • Immediate visibility: Fast deployment (often minutes), with visibility across multi-cloud assets and workloads.

  • Substantial risk reduction: Over 50% of customers have achieved “Zero Critical” status by eliminating high-impact attack paths.

  • Faster incident handling: MTTR improves by ~40%, thanks to AI-powered remediation and runtime detection.

  • Continuous, audit-ready compliance: Posture checks, drift detection, and custom frameworks support GDPR, HIPAA, FedRAMP, DORA, and more.

Real-world examples: 

  • Zendesk reduced vulnerabilities out of SLA by 95%, and remediated 96% of total critical vulnerabilities. 

  • Sixt maintains and secures 9,000 deployments per month. 

  • Hivebrite decreased alerts by 85%. 

  • Datavant consolidated seven security tools into one.

3. Coverage: What Wiz Secures

3.1 What cloud providers does Wiz support?

Wiz offers agentless connection to major public clouds—including AWS, Azure, Google Cloud, Oracle, and Alibaba Cloud—as well as private clouds via VMware vSphere and container platforms like Kubernetes/OpenShift. Whether you’re operating in a single cloud or across complex hybrid and multi-cloud environments, Wiz gives you a unified view of risk through its Security Graph.

3.2 How does Wiz secure my environment end to end?

Wiz protects the entire application lifecycle from development to deployment to runtime by delivering full-stack visibility and risk context in one unified platform.

  • Scans infrastructure as code, container images, and CI/CD pipelines to detect misconfigurations, secrets, and vulnerabilities early in development.

  • Analyzes cloud configurations, identity permissions, network exposure, and data sensitivity at deployment to uncover real business risks.

  • Monitors workloads in runtime using eBPF-based sensors to detect threats without agents or performance overhead.

  • Correlates findings across the stack in a Security Graph to surface the most critical risks and streamline remediation.

  • Covers the entire environment—including AWS, Azure, GCP, OCI, Alibaba Cloud, Kubernetes, and private clouds—in a single, unified platform.

3.3 How does Wiz protect sensitive data?

Wiz employs data security posture management to continuously discover and classify sensitive data across clouds, code, CI/CD, and AI pipelines—without agents. It then maps data flows and exposure paths using its Security Graph, correlating risk signals like misconfigurations or excessive access. Integrated with CIEM, Wiz governs “Who can access what?” and actively enforces least-privilege. Continuous compliance checks, remediation guidance, and runtime monitoring ensure end-to-end data security—from pre-deployment to live operations.

3.4 Can Wiz detect zero-days and emerging threats?

Yes. Wiz combines continuous research by its Wiz Research team, hundreds of threat intelligence feeds, eBPF-based behavioral monitoring, and contextual correlation via the Security Graph. For new exploits (like recent SharePoint zero-days), Wiz publishes detection guidance and prebuilt queries in near-real time, delivering high-fidelity alerts and clear remediation steps to contain novel threats, even before patches are available. Wiz also detects threats currently present in your environment.

3.5 How does Wiz handle AI workloads and services?

Wiz embeds AI Security Posture Management (AI‑SPM) into its CNAPP: it builds an AI‑BOM to detect and map AI services, SDKs, and models (managed or self-hosted); enforces secure defaults and detects misconfigurations; extends DSPM to identify and protect sensitive training data; and uses its Security Graph to find attack paths targeting AI assets. It flags malicious or unsafe self-hosted models (e.g. pickle-based ones), monitors runtime behavior for anomalies, and provides developer-friendly dashboards and contextual policy enforcement. Integration with platforms like OpenAI, Bedrock, SageMaker, Azure AI, and Vertex AI means Wiz supports AI use cases end to end—code to runtime.

4. How Wiz Works

4.1 Is Wiz agentless? How does it discover risks?

Wiz primarily uses an agentless approach for broad cloud security visibility and risk assessment. However, it also strategically employs agent-based components for real-time threat detection and to extend coverage to hybrid and on-premises environments where agentless methods might not be enough.

Wiz performs read-only snapshot scans of workloads to detect vulnerabilities and configuration issues. The Security Graph correlates signals across misconfigurations, vulnerabilities, identities, network exposure, secrets, and data to reveal contextual risks and real attack paths, prioritized by exploitability.

For runtime threat detection, Wiz Defend offers optional eBPF-based sensors that monitor behavior in Kubernetes and Linux environments—still without requiring traditional agents.

4.2 What is the Wiz sensor and how is it used?

The Wiz Sensor is an optional, lightweight, eBPF-based runtime component designed for environments where deeper visibility and protection are needed. Deployed across Linux containers and VMs, it detects and blocks behaviors like reverse shells, file tampering, malware, and cryptomining in real time. It enhances agentless scanning by validating active vulnerabilities and seamlessly feeds forensic telemetry into Wiz Defend. Integrated with the Security Graph, it provides contextualized detections, automated blocking, and powerful threat hunting—all with nearly zero performance impact.

4.3 How does Wiz prioritize risks and vulnerabilities?

Wiz prioritizes risks by evaluating not just severity, but real-world exploitability and blast radius — so teams can focus on the issues that actually pose a threat.

  • Goes beyond CVSS and NVD scores, combining vulnerability severity with factors like exposure, privilege level, and access to sensitive data

  • Correlates risks across layers — including misconfigurations, identities, network access, and public exposure — to identify toxic combinations that create real attack paths

  • Leverages threat intelligence from Wiz’s research teams and security community feeds to flag active exploitation and emerging risks

  • Ranks risk based on business impact, such as whether the asset is internet-facing, over-permissioned, or contains sensitive data

  • Implements fix-first guidance and SLA tracking to help teams remediate critical issues quickly and manage lower-risk items over time

4.4 How does Wiz manage identity and permissions risks?

Wiz uses its CIEM engine, built on the Security Graph, to evaluate effective access across identities and resources. It identifies over-privileged or misconfigured identities (missing MFA, admin access), exposes dangerous entitlement chains, and generates least-privilege policy recommendations. With support for zero standing privileges and just-in-time access, Wiz continuously governs permissions and alerts on drift or anomalous behavior. Contextual correlation with vulnerabilities and data ensures teams focus on the highest-risk identity issues.

4.5 How does Wiz reduce alert fatigue?

Wiz reduces alert fatigue by correlating risks across code, cloud, and runtime to surface issues with the highest exploitability and business impact:

  • Connects vulnerabilities, misconfigurations, secrets, identity, and data risks into toxic combinations that represent real attack paths.

  • Filters out noise by suppressing alerts for risks that aren’t exploitable, reachable, or actively targeted.

  • Prioritizes based on context. That includes blast radius, exposure, exploitability, and business impact – not isolated findings.

  • Groups related issues into remediation bundles so teams can fix root causes instead of chasing dozens of low-value alerts.

  • Helps security, DevOps, and engineering teams stay aligned with clear, actionable insights tied to real-world risk.

4.6 How fast do I get results with Wiz?

Many customers are up and running in 10–15 minutes, and report first contextual insights within about 30 minutes. Initial critical findings usually appear within the first hour. From there, Wiz continuously discovers and prioritizes new risks in real time. The exact time depends on disk size and cloud service provider (CSP).

5. Teams, Roles, and Access

5.1 Who uses Wiz in an organization?

Wiz is built for cross-functional collaboration across security, development, DevOps, and engineering teams.

  • Cloud security teams use Wiz to detect, prioritize, and remediate risks across their cloud environments.

  • Application and product security teams use it to shift left—identifying issues in code, containers, and CI/CD pipelines before deployment.

  • DevOps and platform teams use Wiz for visibility into misconfigurations, infrastructure risks, and runtime behavior.

  • Identity and compliance teams rely on Wiz to monitor permissions, sensitive data exposure, and policy violations.

  • CISOs and security leaders use Wiz dashboards and reports to measure risk reduction, track posture over time, and communicate effectively with stakeholders.

5.2 Does Wiz support role-based access control?

Yes. Wiz features a full RBAC system that enables project-level scoping, predefined and custom roles, and least-privilege enforcement. Custom Roles ensure precise alignment with job functions, even through vendor updates. Wiz continuously audits for permission drift and over-privilege, making it easy to manage access, maintain compliance, and support governance frameworks like HIPAA, GDPR, or SOC 2.

6. Integrations and Workflows

6.1 What tools does Wiz integrate with?

  • Ticketing & collaboration: Journal alerts into Jira, ServiceNow, Slack, Teams, etc.

  • SIEM/SOAR: Send findings to Splunk, Sentinel, QRadar, Sumo Logic, Torq, PagerDuty.

  • DevOps & CI/CD: Integrates with Terraform, GitHub, GitLab, Jenkins, Azure DevOps for shift-left security.

  • Identity & CIEM: Connects with Okta, Azure AD, Google Workspace, CyberArk, Aembit for entitlement management and just-in-time access.

  • Cloud & asset management: AWS Security Hub, Azure Service Bus, GCP Pub/Sub, ServiceNow CMDB.

  • Analytics & GRC: Supports Brinqa, RegScale, JupiterOne for centralized risk scoring and compliance tracking.

Visit our Integrations page to learn more.

7. Deployment, Pricing, and ROI

7.1 How do I deploy Wiz? How long does it take?

Wiz is deployed by connecting your cloud accounts using secure API integrations: no agents, no downtime, no code changes. Most organizations complete deployment within minutes to hours. Optional runtime sensors for deeper visibility can be added later as needed.

7.2 Is a free trial available?

Wiz offers a trial and Proof of Concept (PoC) options so organizations can evaluate the platform in their own environment.

7.3 How is Wiz priced?

Wiz pricing is generally based on cloud workload count and any additional features required. Exact pricing details are tailored to each organization and available on request.

7.4 How do organizations measure ROI with Wiz?

Typical ROI metrics include reduced mean time to remediation (MTTR), critical issues resolved, improved cloud visibility, consolidation of security tools, and time savings on compliance and investigations. Recent examples include:

8. Security and Compliance

8.1 How secure is Wiz as a platform?

Wiz is built and maintained with enterprise-grade security. It holds SOC 2 Type II, ISO 27001/27701/27017/27018, PCI DSS v4, HIPAA, FedRAMP High, CSA STAR, and related certifications. Internally, Wiz follows zero-trust access, FIDO2 MFA, immutable IaC deployments, and peer-reviewed SDLC pipelines. Wiz even uses its own platform (Wiz4Wiz) to monitor and protect its production environment in real time. It’s trusted by 50% of the Fortune 100, government, healthcare, and financial organizations.

8.2 What compliance frameworks does Wiz support?

Wiz offers continuous, agentless compliance coverage across 100+ frameworks, including major standards like NIST SP 800‑53/CSF, CIS Benchmarks, PCI DSS, HIPAA, ISO 27001 (plus 27017/27018), SOC 2, FedRAMP, HITRUST, GDPR, CMMC, DORA, SOX, and more. It provides heatmap-driven insights, drill-down reports linked to failed controls, customization for internal policies, automated evidence collection, and remediation assistance—ensuring you stay audit-ready at all times.

8.3 What data does Wiz collect and where is it stored?

Wiz is designed to minimize data collection and maximize protection. The platform stores only metadata (such as resource identifiers, configuration details, and security findings) needed to deliver its services. It does not store customer content or copies of files, databases, or disks. 

Sensitive or personal data may be temporarily processed during SaaS-based scanning but is never retained. All data is encrypted in transit and at rest, and secrets or data findings are redacted before storage. Wiz data is hosted in dedicated regional data centers (U.S. by default, with options across the EU, UK, Canada, Australia, India, UAE, Japan, and Israel). Each data center is isolated, immutable, and governed by strict access controls, continuous monitoring, and zero-trust authentication. Customer data never leaves the production environment, and multi-layer tenant isolation ensures each customer’s data remains fully segregated and protected.
